/*
 * Copyright (C) 2019 - 2020 Rabobank Nederland
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.rabobank.argos.service.security;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

import static com.rabobank.argos.service.security.NonPersonalAccountAuthenticationToken.NonPersonalAccountCredentials;

@Slf4j
public class KeyIdBasicAuthenticationFilter extends OncePerRequestFilter {
    private final BasicAuthenticationConverter authenticationConverter;

    public KeyIdBasicAuthenticationFilter(BasicAuthenticationConverter authenticationConverter) {
        this.authenticationConverter = authenticationConverter;
    }

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        UsernamePasswordAuthenticationToken parsedTokenFromBasicHeader = authenticationConverter.convert(request);

        if (parsedTokenFromBasicHeader != null) {
            NonPersonalAccountCredentials nonPersonalAccountCredentials = NonPersonalAccountCredentials
                    .builder()
                    .keyId((String) parsedTokenFromBasicHeader.getPrincipal())
                    .password((String) parsedTokenFromBasicHeader.getCredentials())
                    .build();

            NonPersonalAccountAuthenticationToken nonPersonalAccountAuthenticationToken = new NonPersonalAccountAuthenticationToken(nonPersonalAccountCredentials
                    , null);
            nonPersonalAccountAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(nonPersonalAccountAuthenticationToken);
            log.debug("successfully resolved basic token  {}", parsedTokenFromBasicHeader);
        }

        chain.doFilter(request, response);
    }

}
